FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns-recursor -- cache pollution

Affected packages
4.3.0 <= powerdns-recursor < 4.3.5
4.2.0 <= powerdns-recursor < 4.2.5
4.1.0 <= powerdns-recursor < 4.1.18


VuXML ID a6860b11-0dee-11eb-94ff-6805ca2fa271
Discovery 2020-10-13
Entry 2020-10-14

PowerDNS Team reports:

CVE-2020-25829: An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state, instead of their actual DNSSEC ‘Secure’ state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process).


CVE Name CVE-2020-25829